How box ticking can help achieve a more compliant organisation

In a recent blog we explored the relationship between data protection compliance and ‘box ticking’. But how can that knowledge be used to achieve a more compliant organisation?

When the correct level of information is collected, the outputs will improve your knowledge, be very useful to your role in data protection and help evidence compliance.

Here are six tips on how you might use this knowledge:

  • Develop a risk management process: document the risks that your RoPA helps you to identify and work with the activity owners to mitigate them. Monitor progress and update your RoPA once the compliance around activities has improved.
  • Record your decisions on Legitimate Interest Assessments (LIAs), work to remove activities which fail the balancing tests and maintain a register of legitimate activities. This will inform your privacy notice and evidence compliance when needed.
  • Undertake DPIAs to ensure that all failing High Risk Assessments are addressed. Work to mitigate risks to an acceptable level and, if you can’t achieve this, consult with the supervisory authority.
  • Escalate contract concerns to ensure that third party relationships are legally compliant, and work with IT to gain more assurance around IT security, especially if you are sharing data for high risk activities.
  • Establish regular working groups with your data owners and IT, using your prioritised risks to determine where data protection issues need to be addressed.
  • Keep your stakeholders informed by using the management information you have created as part of the data collection and risk management processes. Having the information available allows you to highlight risks, promote the data protection cause and obtain executive buy-in.

If you would like to learn more about how ProvePrivacy can tick the boxes for your organisation, book a demonstration.
